Wednesday 13th April, 2005
Firm - not a book by John Grisham...not a song about "Star Trekking"...but in fact the catchily titled Federated Identity & Resource Management for Domino.

Whilst FirM has possibly one of the most complicated product names I've ever come across, the product itself is unbelievably simple. Essentially, for you Notes geeks out there, it's a massive extension to the adminp process in Domino. As you know, Domino will action some admin tasks on your behalf such as user renames. The old skool admins will remember making name changes and then manually having to go through all the groups and ACL's so the user had all the access and membership they did prior to the name change.

Not only does FirM provide more of this adminp style functionality, it also allows you to have more control over the existing ones. A single secure front end is provided through which all requests are processed. For those like myself who manage sites that have to comply with legislation such as Sarbanes Oxley, you have lots of policies and procedures in place...but how easy are they to stick to?

Say you've for a new user, Fred Bloggs, starting in the UK finance department next week. He needs an ID file, registered in the correct OU. He needs to have access to all the applications and shared mailboxes for Finance. He needs a mailfile created in a cluster of mailservers. He needs to be added to several email groups to ensure he's correctly on all the right distribution lists. He needs access to all the required servers. He needs the correct mail template. But on top of that, somebody needs to approve it all for compliance.

FirM takes all this under it's wing. With a single action from the HR department, they can request a new user called Fred Bloggs in the UK Finance department. No technical knowledge required, no additional access to names.nsf, admin4.nsf or any certlog. Certainly no certifiers to play around with. FirM just takes the request and processes it. The user is registered, using the correct OU certifier. A mailfile is created on the quietest mail server and replicated to other server for cluster failover. Fred's ID is emailed to the IT Support team ready to build his machine. The ID password is emailed to Fred's line manager to save a call to the Helpdesk on his first day. The finance mail group owner is emailed to confirm that he would like Fred added to the group. No permission, no addition. The same applies for any other groups. Group that are too large are automatically split into 2 and nested. All the way through a full audit trail is kept of who requested and who authorised.

Should Fred decide to move to the Marketing department in Spain 6 months later, FirM can handle all that. New mail server, new OU, new groups. All done automatically with little or no admin intervention.

Needless to say, I love this product and look forward to rolling it out throughout our organisation. I will save literally hours of admin time each week and admin cock-ups should be a thing of the past.

So, if you still create your own users...Still manually add people to groups...Still have users registered in the wrong OU...Still have no audit trail to say who was added to a group, when and who authorised...then maybe it's time to get the FirM in.

FirM is supplied by reseller HADSL and further details are at their website Tell them I sent you, it has to be worth a beer or two :O)

Comments/Trackbacks [0]